Accounting using Syslog
Keeping track of all commands executed on Cisco devices is one of the mandatory features a network engineer needs for detailed accounting and advanced monitoring of the network.
This task is usually accomplished by deploying a TACACS+ server and enabling AAA new-model. In this post, however, we demonstrate another way to get roughly the same result, with all the details about executed commands: in which configuration mode, at what time, by which user, and the returned results (if it is a show command, for example).
- Basic Configuration:
Router#conf t
Router(config)#archive
Router(config-archive)#log config
Router(config-archive-log-cfg)#logging enable
Router(config-archive-log-cfg)#logging size 1000
Router(config-archive-log-cfg)#hidekeys
All executed commands are stored locally on the device. They can be viewed with the “show archive log config all” command:
Router#sh archive log config all
 idx   sess   user@line          Logged command
   1      1   [email protected]  |interface FastEthernet0/24
   2      1   [email protected]  | description Connection_to_Internet
   3      1   [email protected]  | no shutdown
The log has a limited size and its content can be deleted, which is why it is recommended to send a notification to a syslog server for each entry.
!
Router(config)#logging host 172.16.254.1
Router(config)#archive
Router(config-archive)#log config
Router(config-archive-log-cfg)#notify syslog
!
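On the syslog server side, the notifications arrive as %PARSER-5-CFGLOG_LOGGEDCMD messages. The following is an added example, not part of the original post: it extracts the user and command from such lines and flags commands that would undo the accounting configured above. The sample lines, the user names and the watch list are constructed assumptions.

```python
import re

# Message IOS emits for each logged config command once "notify syslog" is set.
CFGLOG = re.compile(
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Assumed watch list: negated forms of the commands configured in this post.
TAMPER = re.compile(
    r"^no (logging (host|enable)|notify syslog|hidekeys|log config|archive)\b"
)

# Constructed sample of what the syslog server might receive (not real captures).
SAMPLE = [
    "Mar  1 10:15:02 172.16.254.10 45: %PARSER-5-CFGLOG_LOGGEDCMD: "
    "User:admin  logged command:interface FastEthernet0/24",
    "Mar  1 10:15:09 172.16.254.10 46: %PARSER-5-CFGLOG_LOGGEDCMD: "
    "User:admin  logged command:description Connection_to_Internet",
    "Mar  1 10:15:20 172.16.254.10 47: %SYS-5-CONFIG_I: "
    "Configured from console by admin on vty0 (172.16.254.50)",
    "Mar  1 11:02:41 172.16.254.10 48: %PARSER-5-CFGLOG_LOGGEDCMD: "
    "User:jdoe  logged command:no hidekeys",
]


def parse(line):
    """Return {'user', 'command'} for a CFGLOG_LOGGEDCMD line, else None."""
    m = CFGLOG.search(line)
    if m is None:
        return None
    return {"user": m.group("user"), "command": m.group("cmd").strip()}


def audit(lines):
    """Split logged commands into all events and those touching the accounting setup."""
    events, alerts = [], []
    for line in lines:
        event = parse(line)
        if event is None:
            continue  # other syslog messages are not command accounting records
        events.append(event)
        if TAMPER.search(event["command"]):
            alerts.append(event)
    return events, alerts


if __name__ == "__main__":
    events, alerts = audit(SAMPLE)
    for e in events:
        print(f"{e['user']:<8} {e['command']}")
    for a in alerts:
        print(f"ALERT: {a['user']} ran '{a['command']}'")
```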